MercuryChat Privacy Policy

Effective Date: February 2026

1. Introduction

MercuryChat ("MercuryChat", "we", "our", or "us") provides an AI-powered voice assistant platform that enables automated voice calling, knowledge base search, CRM integrations, and call analytics.

This Privacy Policy explains how we collect, use, process, and protect information when you use our services.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

Account Information

When you create or access an account, we collect:

Name
Email address
Organization information
Authentication information via Google Sign-In or other identity providers

Call Data

When voice calls are made using the platform, we may collect:

Caller phone numbers
Call transcripts (generated from real-time speech-to-text processing)
Call duration and timestamps
Call outcomes, summaries, and metadata

Note: MercuryChat does not store audio recordings. Voice audio is streamed in real-time for transcription and is not retained after the call ends. Only text transcripts are stored.

CRM Data

When you integrate a CRM (such as Zoho CRM or Salesforce), the Service may access:

Contact names
Phone numbers
CRM identifiers
Interaction history

CRM data is accessed only during authorized workflows and subject to user configuration.

Knowledge Base Data

Users may upload documents or structured data to power the AI assistant, including:

FAQs
Product information
Support documentation
Internal knowledge bases

Google Calendar Data

If you authorize calendar access during sign-in, MercuryChat may:

Read your calendar events to check for scheduling conflicts
Create calendar events for appointments scheduled through the Service
Send calendar invitations to call participants

Your Google authentication refresh token is stored securely to maintain calendar access between sessions.

Usage Data

We automatically collect certain technical information including:

Page views
Feature usage
System logs
Device/browser metadata
Performance metrics
IP address (for security, rate limiting, and logging)

3. How We Use Your Information

We use collected information to:

Provide and operate the MercuryChat platform
Enable automated AI-powered voice conversations
Retrieve knowledge base information through Retrieval-Augmented Generation (RAG)
Personalize interactions using CRM data (when authorized)
Generate analytics and performance reports
Monitor system performance and reliability
Detect fraud, abuse, or security threats
Improve product functionality and develop new features

4. Consent and CRM Data Lookups

Before retrieving personal information from an integrated CRM system during a call, the system may request verbal consent from the caller.

If consent is declined:

CRM data will not be retrieved
The conversation proceeds without personalization

Consent decisions may be logged for auditing and compliance purposes.

Users are responsible for ensuring compliance with applicable consent and telecommunications laws.

5. AI Processing and Automated Systems

MercuryChat uses artificial intelligence and machine learning technologies to process call transcripts and generate responses.

These systems may analyze:

Voice input
Call transcripts
Knowledge base data
Contextual information from CRM systems

AI-generated responses are produced automatically and may involve processing by third-party AI model providers.

Customer data is not used to train AI models unless explicitly authorized by the customer.

6. Data Sharing and Service Providers

We do not sell personal information.

Information may be processed by trusted service providers necessary to operate the Service, including:

Telephony Providers

Example: Twilio. Used for voice call processing, phone number management, and call routing.

Speech-to-Text Providers

Example: Deepgram. Voice audio is streamed in real-time to generate text transcripts. Audio is not stored by MercuryChat after processing.

Text-to-Speech Providers

Example: ElevenLabs. Text responses are converted to voice audio for delivery to call participants.

CRM Providers

Example: Zoho CRM, Salesforce, or other connected platforms. Used to retrieve contact data and log call activities when configured by the user.

AI Language Model Providers

Example: OpenAI. Call transcripts and conversation context are processed by AI language model providers to generate conversational responses and summaries.

Vector Database Providers

Example: Qdrant. Knowledge base documents are converted to vector embeddings and stored in a vector database to enable AI-powered search and retrieval.

Email Service Providers

Example: Resend. Used to send transactional emails such as user invitation notifications.

Cloud Infrastructure Providers

Secure cloud infrastructure providers host system databases, storage, and application services.

These providers are contractually required to safeguard user data.

7. Cookies

MercuryChat uses a limited number of cookies that are strictly necessary for the Service to function:

Session cookie (access_token): An HTTP-only, secure cookie containing your authentication token. Expires after 24 hours.
OAuth state cookie (oauth_state): A temporary HTTP-only cookie used to prevent cross-site request forgery during Google Sign-In. Expires after 10 minutes and is deleted after authentication completes.

MercuryChat does not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Data Retention

We retain data only as long as necessary to provide the Service.

Typical retention periods include:

Account data: retained while your account is active
Call transcripts and logs: retained according to your organization's configuration
Knowledge base data: retained until deleted by the user
System logs: retained for security and operational monitoring

Organizations may request deletion of their data.

9. Data Security

MercuryChat implements administrative, technical, and organizational safeguards to protect user data, including:

Encrypted HTTPS communication
Secure API authentication
Role-based access controls
Audit logging
Infrastructure security monitoring

While we take reasonable steps to protect data, no system can guarantee absolute security.

10. International Data Transfers

MercuryChat may process and store data in multiple jurisdictions depending on the location of infrastructure providers.

By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your own.

Where applicable, appropriate safeguards are implemented to protect personal data.

11. Your Data Rights

Depending on your jurisdiction, you may have the right to:

Access personal data
Correct inaccurate information
Request deletion of personal data
Restrict or object to processing
Receive a copy of your data (data portability)

If you are interacting with MercuryChat through an organization, please contact your organization's administrator to exercise these rights.

12. Applicable Regulations

MercuryChat is designed to support compliance with major privacy and telecommunications frameworks including:

GDPR (European Union and United Kingdom)
CCPA / CPRA (California)
TCPA (United States)
PIPEDA (Canada)

Organizations using MercuryChat are responsible for ensuring their use complies with applicable laws in their jurisdiction.

13. Children's Privacy

MercuryChat is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

If material changes occur, we will notify users through the Service or other appropriate communication channels.

Continued use of the Service after updates indicates acceptance of the revised policy.

15. Contact Information

For questions regarding this Privacy Policy or data protection inquiries, please contact:

privacy@mercurychat.ai